You have Javascript disabled. While you will be able to browse this site without Javascript, some functionality on this site will not work without it. We strongly recommend enabling Javascript in your browser. This site uses cookies and collects data about visitor behavior for improving user experience, identifying returning visitors, and providing personalized offers. Your continued use of this site indicates your consent to this. See Privacy Policy for details or if you wish to disable cookies.

Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

This site uses cookies and collects data about visitor interaction for improving user experience, identifying returning visitors, and providing personalized offers. Your continued use of this site indicates your consent to this. See Privacy Policy for details or if you wish to disable cookies.

Setting this is mandatory if the HostbasedAuthForceClientHostnameDNSMatch keyword in the sshd2_config file on Server has been set to yes. But even if HostbasedAuthForceClientHostnameDNSMatch is not used, the DefaultDomain keyword is useful, for example, on AIX and Solaris, which report only the short hostname by default.

Certificates

It is possible to use a certificate instead of the traditional public-key pair to authenticate the client host.

To enable host-based authentication with certificates on the client, do the following steps as ClientUser:

Add the following line in the /etc/ssh2/ssh2_config file:

AllowedAuthentications hostbased

Enroll a certificate for client. See User Authentication with Certificates for more information. The certificate must contain a dns extension which contains the fully qualified domain name (FQDN) of client. Note that the private key associated with the certificate needs to be stored with an empty passphrase.